Overview
Users may encounter an error (500): AddError or an Unsupported attribute error when managing CrowdStrike or other non-Wiz integrations via Terraform. This usually indicates a mismatch between the HCL configuration and the data expected by the Aembit API.
Relates To
- Aembit Component: Terraform Provider - Versions 1.29.0 and 1.30.0.
- Resources: aembit_integration.
- Integrations: CrowdStrike and Wiz.
Cause
These errors are triggered by two primary scenarios:
- Invalid Payload (500 Error): The Aembit Provider sends an object to the Aembit API that is missing required configuration data or contains unexpected fields. A common trigger is when CrowdStrike API values (like client_id or client_secret) are passed from Terraform as empty strings "", or when an unsupported audience field is included.
- HCL Reference Error (Unsupported Attribute): The Terraform configuration attempts to access a map key (e.g., each.value.audience) that does not exist in the source data for a specific integration instance.
Solution
1. Upgrade Provider
Ensure your configuration is pinned to Aembit Provider version v1.30.0 or higher to support the latest integration schema.
2. Harden HCL with Safe Lookups
When using for_each loops with data maps, avoid direct attribute access. Use the lookup() function to provide a safe null default for optional keys. This prevents "Unsupported attribute" errors and ensures the attribute is cleanly omitted from the API request when not present.
# Safe lookup pattern
integration_audience = lookup(each.value, "audience", null)
3. Implement Conditional Merging
Inside your resource block, use the merge() function to conditionally include attributes based on the integration_type. This ensures that attributes like audience are only sent for integrations that require them (e.g., Wiz).
resource "aembit_integration" "example" {
  # ... other attributes ...
  oauth_client_credentials = merge({
    token_url     = var.token_url
    client_id     = var.client_id
    client_secret = var.client_secret
  }, var.integration_type == "WizIntegrationApi" ? {
    audience = var.integration_audience
  } : {})
}
4. Verify Variable Integrity
If the error persists after fixing the HCL logic, verify that the CrowdStrike configuration values are being correctly ingested by Terraform from your Secret Store (Vault) or TFC Workspace.
- Check the TFC Plan logs: If the CrowdStrike client_id or client_secret appear as "" instead of (sensitive value), your variable mapping is likely failing.
- Ensure Variable Import: Confirm that the root module is correctly receiving and passing these values to the integration resource.
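Steps 2 to 4 combined into one for_each configuration, as an added example that is not part of the original article or Aembit's own code. The names var.integrations and local.integrations and the per-entry key integration_type are assumptions, and the resource's remaining attributes are elided as in the article's snippet.

```hcl
# Added example, not Aembit's code. var.integrations, local.integrations and the
# per-entry key integration_type are assumed names for illustration.
variable "integrations" {
  description = "Integration name => settings, e.g. decoded from JSON or YAML."
  type        = any
}

locals {
  # Normalize each entry once; lookup() turns a missing audience key into null
  # so no later reference can raise "Unsupported attribute".
  integrations = {
    for name, cfg in var.integrations : name => {
      integration_type = cfg.integration_type
      token_url        = cfg.token_url
      client_id        = cfg.client_id
      client_secret    = cfg.client_secret
      audience         = lookup(cfg, "audience", null)
    }
  }
}

resource "aembit_integration" "this" {
  for_each = local.integrations

  # ... other attributes ...

  # audience is only added for Wiz; other integrations omit the key.
  oauth_client_credentials = merge({
    token_url     = each.value.token_url
    client_id     = each.value.client_id
    client_secret = each.value.client_secret
  }, each.value.integration_type == "WizIntegrationApi" ? {
    audience = each.value.audience
  } : {})

  lifecycle {
    # Stop at plan time when a credential arrives null or "" from the
    # secret store, instead of sending it to the Aembit API.
    precondition {
      condition = alltrue([
        for v in [each.value.client_id, each.value.client_secret] :
        try(length(trimspace(v)) > 0, false)
      ])
      error_message = "client_id or client_secret for ${each.key} is empty; check the Vault/TFC variable mapping."
    }
  }
}
```

The precondition message names only the integration key, so the plan output never echoes a credential value.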